New Online Security Risk 'Heartbleed' Exposes Just About Everyone

Updated: 04/09/2014 10:48 PM KSTP.com
By: Jay Kolls

Security researchers have found a big, software security problem for two-thirds of the Internet. The gaping security hole is great concern to anyone who shops online, banks online, uses email or social media sites.

Mark Lanterman owns Computer Forensics. He is a nationally recognized computer forensic investigator. He tells 5 EYEWITNESS NEWS, "Amazon, your banks, any server, 66 percent of the web servers on the internet are vulnerable to this attack."

That's because many of them use the same software to encrypt or protect sensitive information. And this week, security researchers found a problem with the code. When the software is working - you click on a secure web site. The site identifies itself and sends that information to your browser. The browser verifies that and sends information back. If it trusts the site, both the web site and browser encrypt any communication.

Lanterman says that first connection is known as a heartbeat. With the hole in the code, a hacker could send out a secret heartbeat and retrieve any information that is still in memory and that's why the security gap is called "Heartbleed."

"So, that could include your user names and your passwords. In our testing it returned my VPN credentials. This is very, very serious." Lanterman said everyone is vulnerable even small companies that don't have a big online presence.

Lanterman says the problem is on the server's end of the computer and not the consumers. So, he says, about the only thing consumers can do to protect themselves from this latest computer software security breach is to change their passwords.